Sunday, July 03, 2016

[mngsrgaq] Challenge-response authentication with Google Glass

The external computer which knows your public key presents a challenge in the form of a generated QR code.  You, wearing Google Glass, scan the challenge.  Your Google Glass, knowing your private key, computes the response, and projects it into your augmented reality as a series of numbers.  You type the visible numbers into the external computer, authenticating yourself.

Of course, this could be done without Google Glass, for example with just a smartphone running a barcode reader app.  The response could also be communicated by methods other than typing: speech, or the phone generating a response QR code which the external computer reads with its own barcode reader, or one of the many forms of wireless communication.

If the response is typed, then 2048-bit RSA involves typing some 600 digits, probably more with error-correcting codes.  Elliptic curve cryptography is a little bit more compact.
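To put a number on the typing burden, here is an added example (not part of the original post) that writes a response as fixed-width decimal groups, each followed by a check digit. Assumptions: the 5-digit group size and the helper names are hypothetical, a random integer stands in for the real response, and a Luhn check digit is used, which only detects a typo (so one group is retyped) rather than correcting it.

```python
import secrets

GROUP = 5  # payload digits per typed group (assumed; the post fixes no format)

def luhn_digit(payload: str) -> str:
    """Luhn check digit for a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:              # rightmost payload digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)

def digits_needed(bits: int) -> int:
    """Decimal digits needed to write any value below 2**bits."""
    return len(str((1 << bits) - 1))

def encode_response(value: int, bits: int) -> list[str]:
    """Fixed-width decimal, split into groups, each followed by a check digit."""
    width = digits_needed(bits)
    width += -width % GROUP         # left-pad to a whole number of groups
    text = str(value).zfill(width)
    return [text[i:i + GROUP] + luhn_digit(text[i:i + GROUP])
            for i in range(0, width, GROUP)]

def decode_response(groups: list[str]) -> int:
    """Rebuild the integer; raise ValueError naming the first mistyped group."""
    payload = []
    for index, g in enumerate(groups, start=1):
        if len(g) != GROUP + 1 or not g.isdigit() or luhn_digit(g[:-1]) != g[-1]:
            raise ValueError(f"group {index} mistyped")
        payload.append(g[:-1])
    return int("".join(payload))

def typed_length(bits: int) -> int:
    """Total digits a person types for a response of the given bit length."""
    return len(encode_response(0, bits)) * (GROUP + 1)

if __name__ == "__main__":
    response = secrets.randbits(2048)   # constructed stand-in for an RSA response
    groups = encode_response(response, 2048)
    print(digits_needed(2048), "payload digits,", typed_length(2048), "typed")
    print(" ".join(groups[:4]), "...")
```

Because the error is reported per group, a mistyped digit costs the user six keystrokes to fix instead of a full re-entry.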

We need standardized protocols to define the format of challenges and responses.  They might not all fit in one QR code, so we also need a protocol to animate several codes in succession, transmitting the data in multiple chunks.  If we permit animation, then QR might be overkill: EAN-13 (aka UPC) requires less sophisticated scanners.

The inspiration was that human-computer authentication would be so much easier if people could quickly do kilobit modular arithmetic and modular exponentiation in their heads.  With augmented reality, they can.

We need a way to prevent someone from using a stolen or confiscated Google Glass or smartphone to authenticate.
